Dell Command Line Reference Guide for the S4048–ON System 9.14.2.8

crypto cert generate

Generates a Certificate Signing Request (CSR) or a self-signed certificate.

Syntax
crypto cert generate {self-signed | request} [cert-file cert-path key-file {private | key-path}] [country 2-letter code] [state state] [locality city] [organization organization-name] [orgunit unit-name] [cname common-name] [email email-address] [validity days] [length length] [altname alt-name]
Parameters
self-signed
Enter the keyword self-signed to create a self-signed certificate.
request
Enter the keyword request to create a certificate signing request.
cert-file
Enter the keyword cert-file to specify that the certificate needs to be created.
NOTE: If the cert-file option is not specified in the command, then the system interactively prompts you to fill in the rest of the fields of the certificate signing request (CSR).
cert-path
Enter the path to locally store the self-signed certificate or CSR. The path can be a full path or a relative path. If the system accepts this path, a notification is sent indicating the location where the CSR file is stored. You can then export the CSR to a CA using the “copy” command. Following is an example of a path that you can specify: flash://certs/s4810-001-request.csr.
key-file
Enter the keyword key-file to specify the private key.
private
Enter the keyword private to specify that the key is stored in a hidden location in the NVRAM. Only one private key can exist in a hidden location at any given point in time.
key-path
Enter the absolute or relative location on the device where the key is stored.
country 2-letter code
(OPTIONAL) Enter the keyword country followed by the two letter code that is used to identify the country name.
state state
(OPTIONAL) Enter the keyword state followed by the name of the state.
locality city
(OPTIONAL) Enter the keyword locality followed by the name of the city.
organization organization-name
(OPTIONAL) Enter the keyword organization followed by the name of the organization.
orgunit unit-name
(OPTIONAL) Enter the keyword orgunit followed by the name of the unit.
cname common-name
Enter the keyword cname followed by the common name that you want to assign.
NOTE: Common Name is an important attribute while creating a CSR or a self-signed certificate. Common name is the main identity presented to connecting entities. By default, the device’s host name acts as the common name. However, you can still configure a different common name for the device. For example, you can specify an IP address to act as a Common Name for the device. If the Common Name does not match the device’s presented identity, then even a properly signed certificate does not validate correctly.
email email-address
(OPTIONAL) Enter the keyword email followed by a valid email address used for communication with the organization.
validity days
(OPTIONAL) Enter the keyword validity followed by the number of days for which the certificate is valid.
NOTE: For CSRs, validity has no effect. For self-signed certificates, if validity is not specified, it defaults to 3650 days, or 10 years.
length length
(OPTIONAL) Enter the keyword length followed by a bit length value. The default key length for both FIPS and non-FIPS mode is 2048. Minimum key length value for FIPS mode is 2048. The range is from 2048 to 4096. Minimum key length value for non-FIPS mode is 1024. The range is from 1024 to 4096.
altname alt-name
(OPTIONAL) Enter the keyword altname followed by the subject alternate name for the organization. For example, altname IP:192.168.1.100.
Defaults
NA.
Command Modes
EXEC Privilege
Command History

This guide is platform-specific. For command information about other platforms, see the relevant Dell EMC Networking OS Command Line Reference Guide.

The following is a list of the Dell EMC Networking OS version history for this command:

Version     Description
9.11.0.0    Introduced the command.
Usage Information

The following RBAC roles are allowed to issue this command:

  • sysadmin
  • secadmin
If the cert-file option is not specified in the command, then the system interactively prompts you to fill in various fields of the certificate signing request (CSR). You are prompted to fill out some metadata information for the certificate. The following example shows the fields that you are prompted to fill:
You are about to be asked to enter information that will be incorporated into your certificate request. 
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields but you can leave some blank.
For some fields there will be a default value; if you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) []:Starfleet Command
Organizational Unit Name (eg, section) []:NCC-1701A
Common Name (eg, YOUR name) [S4810-001]:
Email Address []:scotty@starfleet.com

You can enter only 256 characters per command. If you have field values that are larger than 256 characters in length, use the interactive mode of the command.
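
The following pre-flight check is an added example, not part of the Dell guide: it assembles the non-interactive form of the command and enforces the limits stated above (key-length ranges, the 256-character cap), and warns on the validity and Common Name caveats. The function name, the `fips` and `identity` parameters, and the refusal of values containing spaces (the page gives no quoting rules) are assumptions.

```python
# Added example: pre-flight check for a non-interactive `crypto cert generate`
# command, using only the limits stated in this reference page.
FIELD_ORDER = ["country", "state", "locality", "organization", "orgunit",
               "cname", "email", "validity", "length", "altname"]

def build_command(kind, cert_path, key="private", fips=False, identity=None, **fields):
    """Return (command, warnings); raise ValueError when a documented limit is hit."""
    if kind not in ("self-signed", "request"):
        raise ValueError("kind must be 'self-signed' or 'request'")
    unknown = set(fields) - set(FIELD_ORDER)
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    warnings = []
    length = int(fields.get("length", 2048))        # documented default
    low = 2048 if fips else 1024                    # documented minimums
    if not low <= length <= 4096:
        raise ValueError(f"length {length} outside {low}-4096")
    if length < 2048:
        warnings.append("key length below 2048 is accepted only in non-FIPS mode")
    country = fields.get("country")
    if country is not None and not (len(country) == 2 and country.isalpha()):
        raise ValueError("country must be a 2-letter code")
    if kind == "request" and "validity" in fields:
        warnings.append("validity has no effect on a CSR")
    if kind == "self-signed" and "validity" not in fields:
        warnings.append("validity not set: self-signed certificate defaults to 3650 days")
    # `identity` (hypothetical parameter) is the name or IP that clients connect to.
    if identity is not None and "cname" in fields:
        names = {str(fields["cname"]), str(fields.get("altname", "")).partition(":")[2]}
        if identity not in names:
            warnings.append(f"neither cname nor altname matches {identity}")
    parts = ["crypto cert generate", kind, "cert-file", cert_path, "key-file", key]
    for name in FIELD_ORDER:
        if name in fields:
            value = str(fields[name])
            if not value or any(c.isspace() for c in value):
                # Assumption: the page gives no quoting rules for values with spaces.
                raise ValueError(f"{name}: use interactive mode for {value!r}")
            parts += [name, value]
    command = " ".join(parts)
    if len(command) > 256:                          # documented per-command limit
        raise ValueError("command exceeds 256 characters: use interactive mode")
    return command, warnings
```
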

Related Commands
